<?php

/*

   

*/

        include("./includes/config.inc.php");
        include("./includes/messages.inc.php");
        include("./includes/auction_types.inc.php");

        /* first check if valid auction ID passed */
        $result = mysql_query("SELECT * FROM auctions WHERE id='$id'");
                // SQL error
        if (!$result)
        {
                include("header.php");
        $TPL_errmsg = $flr_001;
                include("templates/template_bid_php.html");

                include("footer.php");
                exit;
        }
        $n = mysql_num_rows($result);

        // such auction does not exist
        if ($n==0)
        {
                include("header.php");
        $TPL_errmsg = $flr_606;
                include("templates/template_bid_php.html");

                include("footer.php");
                exit;
        }

      // extract info about this auction into an hash
      $Data = mysql_fetch_array($result);
      $auctiondate = $Data[starts];
      $auctionends = $Data[ends];
            $item_title = $Data["title"];

            $item_description = $Data["description"];

      // check if auction isn't closed
      $AuctionIsClosed = false;
      $closed = intval($Data["closed"]);
      $c = $Data["ends"];

      if ( mktime(
              substr($c,8,2),
              substr($c,10,2),
              substr($c,12,2),
              substr($c,4,2),
              substr($c,6,2),
              substr($c,0,4)
          )<=time() )
          $AuctionIsClosed = true;

      if ( ($closed==1) || ($AuctionIsClosed) )
      {
          include("header.php");
          $TPL_errmsg = $flr_614;
                  include("templates/template_bid_php.html");
          include("footer.php");
          exit;
      }

      // fetch info about seller
      $result = mysql_query("SELECT * FROM users WHERE id='".$Data["user"]."'");
      $n = 0;
      if ($result)
          $n = mysql_num_rows($result);
      if ($n>0)
          $Seller = mysql_fetch_array($result);
      else
          $Seller = array();


      $atype = intval($Data[auction_type]);

      // calculate: increment and mimimum bid value
      // determine max bid for this auction


      // höchstes momentanes Gebot für diese Auktion holen
      $result = mysql_query("SELECT MAX(bid) AS maxbid FROM bids WHERE auction='$id' GROUP BY auction");
      $high_bid = 0;
      if ($result)
          if (mysql_num_rows($result)>0)
              $high_bid = mysql_result($result,0,"maxbid");
      // Erhöhungsschritt aus der Datenbank holen
      $query = "SELECT increment FROM increments WHERE".
        "((low<=$high_bid AND high>=$high_bid) OR".
        "(low<$high_bid AND high<$high_bid)) ORDER BY increment DESC";
      $result_incr = mysql_query  ( $query );
      if(mysql_num_rows($result_incr) != 0)
      {
      $increment   = mysql_result ( $result_incr, 0, "increment" );
      }

      $minimum_bid = $Data["minimum_bid"];

      // wenn noch kein Gebot vorliegt, dann das erste Gebot setzen, ...
      if ($high_bid==0)
        $next_bid = $minimum_bid;
      // wenn doch, dann Gebot _PLUS_ Erhöhungsschritt
      else
        $next_bid = $high_bid + $increment;

        /*      else: such auction does exist.
                if called from item.php - then transfer passed data
                if called - check data/username/password and then execute autobid
        */

        unset($display_bid_form);
        if (empty($action) )
        {
                // no "action" specified
                $display_bid_form = true;
        }
        else
        {
    // an action specified: check for data and perform corresponding actions

    unset($flr);

      /*
        BM 31.10.2001
        1. In $high_bid steht jetzt der höchste Wert aus dem Feld "bid" der Tabelle "bids"
        2. In $minimum_bid steht jetzt der Wert des Feldes "minimum_bid" der Tabelle "auctions" (Startpreis)
        3. In $next_bid steht jetzt der Betrag des aktuellen Mindesgebotes
      */


    // Kommas gegen Punkt austauschen
    $newbid = $bid;
    $bid = str_replace(",",".",$newbid);


    if ($bid<$next_bid)
    {
      $flr = "607";
    }

    // check if number of items is OK
    if ( ($atype==2) && (!isset($flr)) )
    {
      if ( (intval($qty)==0) || (intval($qty)>intval($Data["quantity"])) )
      {
        $flr = "608";
      }
    }

    // check if nickname and password entered
    if ( !isset($flr) )
    {
      if ( strlen($nick)==0 || strlen($password)==0 )
          $flr = "610";
    }

    // Schwarze Liste des Verkäufers prüfen
    if ( !isset($flr) )
    {
      $query = "SELECT * FROM blacklist WHERE user='".$Seller["id"]."' AND dis_user='".$nick."'";
      $result = mysql_query($query);
      if ($result)
      {
        $n = mysql_num_rows($result);
        if ($n > 0)
          $flr = "621";
      }
      else
        $flr = "001";
    }

    // check if nick is valid
    if ( !isset($flr) )
    {
      $query = "SELECT * FROM users WHERE nick='".addslashes($nick)."'";

      $result = mysql_query($query);

      $n = 0;
      if ($result)
          $n = mysql_num_rows($result);
      else
          $flr = "001";

      if ( !isset($flr) )
      {
          if ($n==0)
              $flr = "609";
      }
      if($n > 0)
        $bidder_id = mysql_result($result,0,"id");
    }

    // check if password is correct
    if ( !isset($flr) )
    {
        $pwd = mysql_result($result,0,"password");
        if ($pwd != md5($MD5_PREFIX.$password))
        {
            $flr = "611";
        }
        else
        {
          if(mysql_result($result,0,"suspended") > 0)
          {
            $flr = "618";
          }
        }
    }

    // Check if Auction is suspended
    if ( !isset($flr) )
    {
      $query2 = "SELECT suspended FROM auctions WHERE id='$id'";
      $result2 = mysql_query($query2);

      if (mysql_result($result2, 0, "suspended") > 0)
      {
        $flr = "619";
      }
    }

    // check if bidder is not the seller
    if ( !isset($flr) )
    {
        $bidderID = mysql_result($result,0,"id");
        if ( $bidderID == $Seller["id"] )
            $flr = "612";
    }

    // check if this user isn't winning now
    if ( !isset($flr) )
    {
      $result = mysql_query("SELECT * FROM bids WHERE auction='$id' ORDER BY bid DESC");
      $auctionBIDS = $result;
      $n = 0;
      if ($result)
      {
        $n = mysql_num_rows($result);
        if ($n>0)
        {
          $bidder = mysql_result($result,0,"bidder");
          $moment_bid = mysql_result($result,0,"bid");
          if (($bidder == $bidderID) AND ($next_bid <= $moment_bid))
              $flr = "613";
        }
      }
      else
        $flr = "001";
    }

    // perform final actions
    if ( isset($flr) )
    {
        $display_bid_form = true;
        $TPL_errmsg = ${"ERR_".$flr};
    }
    else
    {
    unset($flr);

    $send_email = 0;

    // Send e-mail to the old winner if necessary

    // Check if there's a previous winner and get his/her data

    $query = "select bidder,bid,maxbid from bids where auction=\"$id\" order by maxbid desc";
    $result = mysql_query($query);
    if(!$query)
    {
      print $flr_001."<BR>$query<BR>".mysql_error();
      exit;
    }

    if(mysql_num_rows($result) > 0)
    {
      $send_email = 1;

      $OldWinner_id = mysql_result($result,0,"bidder");
      $OldWinner_bid = mysql_result($result,0,"bid");
      // BEG BM 31.10.2001
      $OldWinner_maxbid = mysql_result($result,0,"maxbid");
      // END BM 31.10.2001

      $query = "select * from users where id=\"$OldWinner_id\"";
      $result_old_winner = mysql_query($query);
      if(!$result_old_winner){
        print $flr_001."<BR>$query<BR>".mysql_error();
        exit;
      }

      $OldWinner_nick = mysql_result($result_old_winner,0,"nick");
      $OldWinner_name = mysql_result($result_old_winner,0,"name");
      $OldWinner_email = mysql_result($result_old_winner,0,"email");
    }

      // BEG BM 31.10.2001
      // schauen, ob ein Agentgebot höher ist als das eigene Gebot...
      if ($bid <= $OldWinner_maxbid)
      {
        include "header.php";
        $send_email = 0;
        print "<Div align=\"Center\">";
        print "<br><br><Font face=\"Arial,Verdana, Helvetica\" ><H2>Das Gebot eines anderen Bieters war höher als Ihres!</h2></Font><br>";
        print "<Font face=\"Tahoma, Arial, Times New Roman, Verdana\" Size=\"2\">";
        print "<a href=\"item.php?id=$id\">Zurück zur Auktion</a>";
        print "</Font>";
        print "</Div><BR>";



        // Tabellen updaten...

        if ($bid < $OldWinner_maxbid)
        {
          // Das eigene Gebot
          $bid = doubleval($bid);
          $maxbid = $bid;

          $query = "update auctions set current_bid=$bid,starts=$auctiondate,ends=$auctionends where id=\"$id\"";
          if(!mysql_query($query)){
            print $flr_001."<BR>$query<BR>".mysql_error();
            exit;
          }

          $query = "insert into bids values(\"$id\",\"$bidder_id\",$bid,$maxbid,NULL,".intval($qty).")";
          if(!mysql_query($query)){
            print $flr_001."<BR>$query<BR>".mysql_error();
            exit;
          }
        }


        // Das des Bietagenten des OldWinners
        if (($bid + $increment) <= $OldWinner_maxbid)
        {
          $newbid = doubleval($bid + $increment); // einen Erhöhungsschritt weiter
        }
        else
        {
          $newbid = doubleval($OldWinner_maxbid);
        }
        $maxbid = $OldWinner_maxbid;
        $query = "update auctions set current_bid=$newbid,starts=$auctiondate,ends=$auctionends where id=\"$id\"";
        if(!mysql_query($query)){
          print $flr_001."<BR>$query<BR>".mysql_error();
          exit;
        }

        $query = "insert into bids values(\"$id\",\"$OldWinner_id\",$newbid,$maxbid,NULL,".intval($qty).")";
        if(!mysql_query($query)){
          print $flr_001."<BR>$query<BR>".mysql_error();
          exit;
        }

         //Print "OldWinner: ".$OldWinner_maxbid."<br>";
         //Print "Bid: ".$bid;

        if ($bid >= $OldWinner_maxbid)
        {
          $send_email = 1;

          // Das eigene Gebot
          if ($bid > $OldWinner_maxbid && ($OldWinner_maxbid + $increment) <= $bid)
            $bid = $OldWinner_maxbid + $increment;

          //$bid = doubleval($bid);
          $maxbid = $bid;

          $query = "update auctions set current_bid=$bid,starts=$auctiondate,ends=$auctionends where id=\"$id\"";
          if(!mysql_query($query)){
            print $flr_001."<BR>$query<BR>".mysql_error();
            exit;
          }
          $query = "insert into bids values(\"$id\",\"$bidder_id\",$bid,$maxbid,NULL,".intval($qty).")";
          if(!mysql_query($query)){
            print $flr_001."<BR>$query<BR>".mysql_error();
            exit;
          }
        }


        include "footer.php";
        exit;
      }
      else
      {

        $maxbid = $bid;

        // BM 9.3.2002 - Bug beim autom. Überbieten behoben
        if ($next_bid < $OldWinner_maxbid)
          $bid = $OldWinner_maxbid + $increment;
        else
          $bid = $next_bid;

      }
      // END BM 31.10.2001


    // Update auctions table with the new bid

    $bid = doubleval($bid);
    $query = "update auctions set current_bid=$bid,starts=$auctiondate,ends=$auctionends where id=\"$id\"";
    //$query = "update auctions set current_bid=$bid where id=\"$id\"";
    if(!mysql_query($query)){
      print $flr_001."<BR>$query<BR>".mysql_error();
      exit;
    }

    // Update bids table with the new bid
    $query = "insert into bids values(\"$id\",\"$bidder_id\",$bid,$maxbid,NULL,".intval($qty).")";
    if(!mysql_query($query)){
      print $flr_001."<BR>$query<BR>".mysql_error();
      exit;
    }


    if($send_email){
          //Print "Email wird gesendet an: ".$OldWinner_email;
          $year    = substr($auctionends,0,4);
          $month   = substr($auctionends,4,2);
          $day     = substr($auctionends,6,2);
          $hours   = substr($auctionends,8,2);
          $minutes = substr($auctionends,10,2);
          $ends_string   = $day . "." . $month . "." . $year . "  " . $hours . ":" . $minutes;
      $new_bid = print_money($bid);
          //-- Send e-mail message
             include('./includes/no_longer_winner.inc.php');
    }

    // 3) perform output
        if ( isset($flr) )
        {
          $flr = ${"ERR_".$flr};
          include "header.php";
          print "<CENTER> $std_font $flr </CENTER>";
          print mysql_error();
          include "footer.php";
          exit;
      }
        else
        {
          $TPL_id = $id;
          include "header.php";
          include "templates/template_bid_result_php.html";
          include "footer.php";
          exit;
        }
      }
        }

        if($display_bid_form)
        {
                // prepare some data for displaying in the form
                $nickH = htmlspecialchars($nick);
                $bidH = htmlspecialchars($bid);
                $qtyH = htmlspecialchars($qty);
                $TPL_title = htmlspecialchars($Data[title]);
                $TPL_next_bid = print_money($next_bid);

           $TPL_proposed_bid = print_money($bid);
             $TPL_cancel_bid_link = '<A HREF="item.php?SESSION_ID='
              . $sessionIDU . '">' . $text_332 . '</A>';


                // output the form
                include("header.php");

                // Kommas gegen Punkt austauschen
                $newbid = $bidH;
                $bidH = str_replace(",",".",$newbid);

                include("templates/template_bid_php.html");
                include("footer.php");
                exit;
        }